SonarQube - Static Tool to Analyse and Inspect Code Quality
Take a look at this quick introduction to SonarQube, demonstrating how to set up SonarQube and display metrics using dashboards.
Many tools in the testing world find bugs and analyze code by executing the program. Such tools are called dynamic testing tools. Only a few static testing tools analyze code and give us reports without any execution. SonarQube is one such tool. Let's see what it is and how to do code inspection in a Maven project.
SonarQube is an open-source tool used for continuous inspection of code quality. It helps in finding bugs, code smells, code coverage, and security vulnerabilities. It provides detailed reports on coding standards, unit tests, code coverage, bugs, and security vulnerabilities.
It supports all major programming languages like Java, Python, Ruby, etc. All supported languages are listed here.
SonarQube with Maven
Let's dive directly into the analysis steps for a Java + Maven project.
Take a Docker Pull
SonarQube is available as a Docker image. All we need to do is pull the image and start the server locally. Follow the steps below to start the server.
The server runs on port 9000, so it is mandatory to start the server on the same port. Now check the SonarQube dashboard here. Wait until you see this screen.
That's it. We are all set to use SonarQube in our project.
After building your project, run the command below.
Upon a successful build, you will see these logs. As the logs show, click the report link to analyze the reports.
Bugs, vulnerabilities, code coverage, and security issues are in the dashboard. You can see a detailed report under the issues tab and measures tab.
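The steps above as one script, added here as an example rather than the article's own commands. The `sonarqube` image name, the container name, the loopback-only port binding and the readiness poll against `/api/system/status` are assumptions of this example.

```shell
#!/bin/sh
# Added example: local SonarQube server plus Maven analysis.
# Assumptions: image "sonarqube", container name "sonarqube", curl installed.
SONAR_URL="${SONAR_URL:-http://localhost:9000}"

# Pull the "status" field out of the JSON served by /api/system/status,
# e.g. {"id":"X","version":"0.0","status":"UP"} (constructed sample).
sonar_status() {
    printf '%s' "$1" |
        sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([A-Z_]*\)".*/\1/p'
}

# True only when the server reports UP (not STARTING, DOWN, ...).
sonar_is_up() {
    [ "$(sonar_status "$1")" = "UP" ]
}

start_server() {
    docker pull sonarqube
    # Publish port 9000 on loopback only, so the fresh instance with its
    # default admin account is not reachable from the network.
    docker run -d --name sonarqube -p 127.0.0.1:9000:9000 sonarqube
}

# Poll until the web UI is ready (up to 5 minutes).
wait_until_up() {
    tries=0
    while [ "$tries" -lt 60 ]; do
        body=$(curl -fsS "$SONAR_URL/api/system/status" 2>/dev/null || true)
        if sonar_is_up "$body"; then
            return 0
        fi
        tries=$((tries + 1))
        sleep 5
    done
    echo "SonarQube did not reach status UP" >&2
    return 1
}

# Run from the root of an already built Maven project. If the server
# requires authentication, supply an analysis token as described in the
# scanner documentation for your version.
analyse() {
    mvn sonar:sonar -Dsonar.host.url="$SONAR_URL"
}

if [ "${1:-}" = "run" ]; then
    start_server && wait_until_up && analyse
fi
```

Invoke the script with the argument `run` from the project root; without it the script only defines its functions.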
Thanks for reading!! You can find a sample project here.